Cluster playground
patch & install hetzner-kube
docker pull golang
docker run --rm -ti --name=golang golang bash
git clone https://github.com/xetys/hetzner-kube
cd hetzner-kube
sed -i s'/kubernetes-cni/kubernetes-cni=0.6.0-00/' pkg/clustermanager/provision_node.go
go build
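(run on the host in a second terminal while the golang container is still running; --rm removes it on exit)
docker cp golang:/go/hetzner-kube/hetzner-kube .local/bin/hetzner-kube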
chmod +x .local/bin/hetzner-kube
setup cluster
hetzner-kube cluster create --name k8s-test --node-cidr 10.42.23.0/24 --ssh-key melpomene (-w 3)
hetzner-kube cluster kubeconfig k8s-test
kubectl cluster-info
helm
install kubernetes-helm from your package manager…
kubectl apply -f tiller.yaml
helm init --service-account tiller
rook.io
helm repo add rook-beta https://charts.rook.io/beta
helm install --namespace rook-ceph-system rook-beta/rook-ceph
kubectl apply -f rook-cluster.yaml
kubectl apply -f rook-block.yaml
kubectl patch storageclass rook-ceph-block -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
kubectl apply -f rook-filesystem.yaml
kubectl apply -f rook-object.yaml
dashboard
kubectl apply -f kubernetes-dashboard.yaml
kubectl apply -f admin-user.yaml
kubectl apply -f admin-role.yaml
kubectl -n kube-system get secret | grep admin-user | cut -d' ' -f1
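kubectl -n kube-system describe secret admin-user-token-...
(replace admin-user-token-... with the secret name printed by the previous command; the output contains the admin-user bearer token used to log in to the dashboard, with whatever rights admin-role.yaml grants)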
kubectl proxy
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
nginx-ingress
kubectl apply -f nginx-ingress.yaml
kubectl apply -f nginx-nodeport.yaml
frontend LB variant 1
scp haproxy.cfg root@$(hetzner-kube cluster master-ip k8s-test):
ssh root@$(hetzner-kube cluster master-ip k8s-test)
apt install -y haproxy
mv haproxy.cfg /etc/haproxy/haproxy.cfg
systemctl restart haproxy
frontend LB variant 2
ssh root@$(hetzner-kube cluster master-ip k8s-test) apt install -y python
ansible-playbook -i "$(hetzner-kube cluster master-ip k8s-test)," -u root ansible-haproxy.yaml
static page
kubectl apply -f staticpage.yaml
kubectl proxy
http://localhost:8001/api/v1/namespaces/testsite/pods/http:static-nginx:/proxy/#!
add ingress
kubectl apply -f staticpage-ingress.yaml
set up SSL
kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
kubectl apply -f certmanager-manifest.yaml
create issuers
(adapt the email address in the issuer manifests before applying!)
kubectl apply -f letsencrypt-staging.yaml
kubectl apply -f letsencrypt-prod.yaml
default issuer
kubectl apply -f certmanager-default.yaml
add ssl to testsite
kubectl apply -f staticpage-ingress-ssl.yaml
test deployment
kubectl apply -f k8spress.yaml
(adapt hostname!)
teardown
hetzner-kube cluster delete k8s-test